Adding a feature to the smbd

Richard Sharpe sharpe at
Sat Jan 20 23:16:10 GMT 2001

At 09:13 PM 1/20/01 +0100, Thomas Langås wrote:

Hi, too ...

Can you get rid of the popen in the code ... It is a security risk ...
There is a safe way to do this that is part of one of the parameters
introduced in 2.0.7, as I recall.

>I've been trying to add a feature I called "enhanced path" to the smb.conf,
>basically this was meant to be a command you specified (for instance a
>shell-script) which, when executed, gave _one_ line of output, and this was
>then treated as path. I only added a few lines of code, but it don't seem to
>work like it should, cause the "enhanced path" option doesn't run. So, this
>is what I did to the samba-code:
>(all from loadparam.c)
>This is the diff from the original one:
>< static BOOL handle_enhanced_path(char *pszParmValue,char **ptr);
><   {"enhanced path",    P_STRING,  P_LOCAL,  &sDefault.szPath,
>handle_enhanced_path,   NULL,
>< //Don't know is this one is needed...
>< FN_LOCAL_STRING(lp_enhanced_pathname,szPath)
><  This routine allows you to define a shell-script/program that returns a
><  string. This string will then be the path used.
><  pszParmValue - Contains the command
><  ptr          - Points to szPath
><  This routine is done by Thomas Langås (tlan at
>< static BOOL handle_enhanced_path(char *pszParmValue,char **ptr)
>< {
><       pstring output, cmd;
><       FILE *mypipe;
><       int retvalue;
><       pstrcpy(cmd, pszParmValue);
><       standard_sub_basic(cmd);
><       if ((mypipe = popen(cmd, "r")) != NULL) {
><               if (fgets(output, sizeof(output), mypipe) != NULL) {
><                       retvalue = pclose(mypipe);
><               } else {
><                       //Just ditch the rest of the output
><                       while (fgets(cmd, sizeof(cmd), mypipe) != NULL) {}
><                       retvalue = pclose(mypipe); 
><               }
><               if (retvalue != 0) 
><                       DEBUG(0, ("handle_enhanced_path: Command exited
with value %d, it echoed \047%s\047", retvalue, output));
><               unix_to_dos(output, True);
><               string_set(ptr, (char *) &output[0]);
><               return(True);
><       } else { //Error
><               DEBUG(0, ("handle_enhanced_path: Failed trying to open
>\047%s\047 as pipe\n", pszParmValue));
><               return(True);
><       }
>< }
>And this is a snatch from syslog:
>Jan 20 20:47:49 zebra smbd.tlan[559]: [2001/01/20 20:47:49, 0]
>Jan 20 20:47:49 zebra smbd.tlan[559]:   handle_enhanced_path: Command
exited with value -1, it echoed '%H/.profil/stud
>So, what am I doing wrong? This code get's run each time there's a "path
=" in
>the config, but not when there's a "enhanced path =" instead.
>You my ask why I want this, and it's all because we've got several labs
>where I work, and we need different configuration for each lab, and we have
>profiles over samba-shares. So the idea with this was something like this:
>  enhanced path = /usr/local/samba/bin/ %I
>And, then path should be set to the path returned by that command (which
>would depend on the IP in this case).

Richard Sharpe, sharpe at
Samba (Team member,, Ethereal (Team member,
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

More information about the samba-technical mailing list